package com.campsys.config;

import com.campsys.entity.User;
import com.campsys.service.UserService;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Slf4j
@Component
public class UserRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        User user = (User) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        
        // 根据角色类型添加角色
        switch (user.getRoleType()) {
            case 0:  // 超级管理员
                info.addRole("root");
                info.addRole("admin");
                info.addRole("teacher");
                info.addRole("student");  // 同时具有学生角色
                // 添加所有权限
                info.addStringPermission("activity:*");
                info.addStringPermission("class:*");
                info.addStringPermission("student:*");
                info.addStringPermission("teacher:*");
                info.addStringPermission("course:*");
                info.addStringPermission("unit:*");
                info.addStringPermission("learning:*");  // 添加学习管理权限
                break;
                
            case 1:  // 活动管理员
                info.addRole("admin");
                // 添加活动管理权限
                info.addStringPermission("activity:*");
                info.addStringPermission("class:*");
                info.addStringPermission("student:*");
                info.addStringPermission("teacher:*");
                break;
                
            case 2:  // 教师
                info.addRole("teacher");
                // 添加课程管理权限
                info.addStringPermission("course:*");
                info.addStringPermission("unit:*");
                break;
                
            case 3:  // 学生
                info.addRole("student");
                // 添加学习管理权限
                info.addStringPermission("learning:view");
                info.addStringPermission("learning:start");
                info.addStringPermission("learning:complete");
                info.addStringPermission("learning:download");
                info.addStringPermission("learning:sign");  // 添加点名权限
                break;
        }
        
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        String username = upToken.getUsername();
        String password = new String(upToken.getPassword());
        
        log.info("正在验证用户: {}", username);
        
        // 查询用户信息
        User user = userService.getByUsername(username);
        if (user == null) {
            log.info("用户不存在: {}", username);
            throw new UnknownAccountException("账号不存在");
        }
        
        if (user.getStatus() == 0) {
            log.info("用户已被锁定: {}", username);
            throw new LockedAccountException("账号已被锁定");
        }
        
        // 直接比较密码
        if (!user.getPassword().equals(password)) {
            log.info("密码错误: {}", username);
            throw new IncorrectCredentialsException("密码错误");
        }
        
        log.info("用户验证成功: {}", username);
        return new SimpleAuthenticationInfo(user, password, getName());
    }
} 